[Git][security-tracker-team/security-tracker][master] fill in details for older undertow issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 6 20:33:51 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0eadeab5 by Moritz Muehlenhoff at 2021-07-06T21:33:00+02:00
fill in details for older undertow issue
remove old TODO, if this were an issue with docker, it would have ended up
  in docker CVE assignments ultimately

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39213,9 +39213,9 @@ CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM G
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a
 CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-2020-106 ...)
-	- undertow <undetermined>
+	- undertow 2.2.0-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133
-	TODO: CVE for incomplete fix for CVE-2020-10687 but not clear if affected any Debian released version
+	NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e
 CVE-2021-20219 (A denial of service vulnerability was found in n_tty_receive_char_spec ...)
 	- linux <not-affected> (Red Hat specific issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/10
@@ -39293,7 +39293,6 @@ CVE-2021-20206 (An improper limitation of path name flaw was found in containern
 	[stretch] - golang-github-appc-cni <no-dsa> (Minor issue)
 	NOTE: https://github.com/containernetworking/cni/pull/808
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919391
-	TODO: check details, impact on docker.io?
 CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of  ...)
 	- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/493



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0eadeab5a1966d957a7a55dafdf6bf8b1c1e4e1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0eadeab5a1966d957a7a55dafdf6bf8b1c1e4e1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210706/7aee9c61/attachment.htm>

More information about the debian-security-tracker-commits mailing list